My "supplier" hijacks my DNS

Tom’s recent video on Cloudflare DNS 1.1.1.3 gave me an opportunity to follow up on a conversation I had with the network guys for the retirement village I live in. They mentioned that all DNS queries, irrespective of your settings, were being remapped to the village’s ISP’s DNS server. Unfortunately, the WTF moment didn’t hit me until after the conversation, which was about more pressing problems I was having at the time.

Anyway, I decided to test if this was actually happening. I set my Win10 machine’s DNS to 1.1.1.3 and, after having downloaded Bind for Windows, did a dig @1.1.1.3 pornhub dot com which, as expected, didn’t return an IP address but did for google dot com. I then browsed to pornhub dot com and promptly got an eyeful. My conclusion, keeping in mind my PC has a manual DNS entry of 1.1.1.3, was that indeed DNS queries were being redirected.

Other than confronting them over this “policy”, is there any way anyone knows of that I can use to circumvent what they are doing? I have tried using DoH for my browser, but I find that noticeably slows browsing, and of course it only applies to the browser.

From snooping around on their network (that’s a whole other story, but it involved connecting my network to the VOIP port on their access point…) I know they have Ruckus gear and are using a Firebox security gateway. My house is treated as a VLAN and I have been allocated 40 addresses. (The nice thing about the setup is I can access my devices from any access point anywhere in the village - I guess this is based on login credentials.) I was once planning on installing a bunch of UniFi stuff, including a Dream Machine Pro, but that was on the assumption I had my own direct connection to an ISP, not having a middleman in a position where they can muck around with my connection (and having the Firebox potentially reduces the need for my own security gateway).

Any help would be appreciated.
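The test the original poster ran by hand with dig (ask the filtering resolver 1.1.1.3 for a name it should refuse, and see whether an address comes back anyway) can be turned into a repeatable check. The script below is an added example written for this thread, not code from the poster or from Cloudflare. It assumes dig is installed, that 1.1.1.3 answers a blocked name with either no A record or 0.0.0.0, and it uses constructed dig output with RFC 5737 documentation addresses so the comparison logic runs without network access. The name you pass on the command line for a live check, and the verdict labels, are the example's own.

```python
"""Added example (not from the thread): detect transparent DNS interception by
comparing a filtering resolver (1.1.1.3) with an unfiltered one (1.1.1.1).

If a query addressed to 1.1.1.3 for a name it is known to block comes back
with the same address 1.1.1.1 returns, something on the path answered in
1.1.1.3's place.  Addresses in the samples are constructed (RFC 5737)."""
import ipaddress
import shutil
import subprocess
import sys

FILTERED_RESOLVER = "1.1.1.3"    # Cloudflare for Families: malware + adult content blocked
UNFILTERED_RESOLVER = "1.1.1.1"  # Cloudflare, no filtering
# Assumption: the filtering resolver may answer a blocked name with 0.0.0.0 instead of nothing.
SINKHOLE_ADDRESSES = {"0.0.0.0"}


def parse_ipv4_answers(short_output):
    """Keep only IPv4 lines from `dig +short` output; CNAME targets and blanks are dropped."""
    answers = set()
    for line in short_output.splitlines():
        line = line.strip()
        try:
            ipaddress.IPv4Address(line)
        except ValueError:
            continue
        answers.add(line)
    return answers


def dig_a(server, name, timeout=5):
    """Run `dig +short A name @server`; return IPv4 answers as a set, or None if
    dig is missing or the query failed (so 'no answer' and 'could not ask' differ)."""
    if shutil.which("dig") is None:
        return None
    try:
        proc = subprocess.run(
            ["dig", "+short", "+time=%d" % timeout, "+tries=1", "A", name, "@" + server],
            capture_output=True, text=True, timeout=timeout + 2, check=False)
    except (OSError, subprocess.TimeoutExpired):
        return None
    if proc.returncode != 0:
        return None
    return parse_ipv4_answers(proc.stdout)


def classify(filtered_answers, unfiltered_answers):
    """Verdict for one name the filtering resolver is expected to block.

    filtered_as_expected: no usable address from 1.1.1.3, so the query reached it.
    likely_intercepted:   1.1.1.3 'answered' with an address 1.1.1.1 also gave;
                          the path is substituting its own resolver.
    inconclusive:         answers differ or the name does not resolve at all
                          (CDN variance is possible); repeat with another name."""
    usable_filtered = filtered_answers - SINKHOLE_ADDRESSES
    if not usable_filtered:
        return "filtered_as_expected"
    if not unfiltered_answers:
        return "inconclusive"
    if usable_filtered & unfiltered_answers:
        return "likely_intercepted"
    return "inconclusive"


def check_name(name):
    """Live check: (filtered, unfiltered, verdict), or None when dig is unavailable."""
    filtered = dig_a(FILTERED_RESOLVER, name)
    unfiltered = dig_a(UNFILTERED_RESOLVER, name)
    if filtered is None or unfiltered is None:
        return None
    return filtered, unfiltered, classify(filtered, unfiltered)


# Constructed `dig +short` outputs: a CNAME line followed by an A record.
SAMPLE_INTERCEPTED = {FILTERED_RESOLVER: "blocked.example.invalid.\n192.0.2.10\n",
                      UNFILTERED_RESOLVER: "blocked.example.invalid.\n192.0.2.10\n"}
SAMPLE_HONEST = {FILTERED_RESOLVER: "0.0.0.0\n",
                 UNFILTERED_RESOLVER: "blocked.example.invalid.\n192.0.2.10\n"}


def classify_sample(sample):
    return classify(parse_ipv4_answers(sample[FILTERED_RESOLVER]),
                    parse_ipv4_answers(sample[UNFILTERED_RESOLVER]))


if __name__ == "__main__":
    print("constructed intercepted sample:", classify_sample(SAMPLE_INTERCEPTED))
    print("constructed honest sample:", classify_sample(SAMPLE_HONEST))
    if len(sys.argv) > 1:  # e.g. python check_dns.py some-name-1.1.1.3-should-block
        print(sys.argv[1], check_name(sys.argv[1]))
```

Run it with a name you expect 1.1.1.3 to block; a "likely_intercepted" verdict reproduces the poster's finding with a record of both resolvers' answers. A network that simply drops port 53 shows up as dig failing (the live check returns None) rather than as interception, which is a different problem from the one in this thread.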

One option may be to set up a local DNS server that forwards requests out over DoH to Cloudflare or Google. I believe you can configure Pi-hole to make DoH queries. This would at least help give you some better local caching for common DNS queries, and would let it work outside of the browser.

You could also try out the DNSCrypt client on your machine and see how that does; it’s what I used in the past prior to more support for DoH/DoT from DNS providers. It may be quicker than doing it at the browser level. I also never noticed any obvious slowdowns in all of my years using it on mobile devices.

Beyond that, you could get a VPN and just punch a hole straight out of their network. It probably won’t give you any benefits in regards to connection speed or DNS lookup time, but it does get you out of the ‘hostile’ network.

Thanks Mike, DNSCrypt looks interesting, I’ll try that first.

Using DNSCrypt on my iPad as a guinea pig. It seems to be working fine with no noticeable impact on network performance. I just have to expand that to all my other devices now. My TV and Apple TVs may miss out though…

Thanks again for the suggestion.
